Websites teilweise gesperrt. Warum? Virus inside?

Nil11 · 11.03.2012, 00:03

Hallo,

ich hab ein seeeehr merkwürdiges Problem. Es sind teilweise websites geblockt und ich weiß nicht warum.
Bspw erscheint folgende Warnmeldung:

You have attempted to access a site that is blocked because it may contain information or graphics that are in violation of Lexmark's policies and/or Code of Conduct. The site is blocked because it has been categorized "Gambling" by Bluecoat. Repeated attempts to access this site may lead to disciplinary action up to and including termination.

If you require access to this site for valid business purposes, your manager must request that the block be removed by sending an e-mail to "Lexmark IT Security". The e-mail must include:

Your name as the requestor
The specific URL address(es) to which access is required
Indication that the access is required as part of your work assignments

For your review, the IT security standards relating to Internet use can be found at https://l1uslxwb02.place.lexmark.com/us/itconten.nsf/vContentByContentID/6MMSUA

LMPX01KS007

Das Problem tauch nur bei Firefox auf und ich bin hier zu Hause (nicht im Büro).

Hab WLan + Fritzbox

Vielen Dank schonmal sollte mir jmd versuchen zu helfen

markusg · 11.03.2012, 20:42

hi
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die
OTL.exe
.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die
Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere
nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Nil11 · 12.03.2012, 00:41

ich hab die lösung: es war ein proxy eingetragen. aber ich war das sicher nicht.

Könnte das von einem Virus gemacht worden sein? oder von meinen mitbewohnern, die ne lanparty hatten? Aber nicht mit meinem pc! Oder kann das von nem add-on kommen. z.b. diesem proxy-teil, um youtubevideos sehen zu können die von gema gesperrt sind?

markusg · 12.03.2012, 12:19

und, woher soll ich das wissen ohne irgendwelche berichte über deinen pc gesehen zu haben, wie zb den bereits angeforderten?

Nil11 · 12.03.2012, 16:18

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 12.03.2012 13:13:16 - Run 2
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\xxxx\Desktop\Stuff
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581,64 Gb Total Space | 200,64 Gb Free Space | 34,50% Space Free | Partition Type: NTFS
Drive D: | 14,53 Gb Total Space | 2,07 Gb Free Space | 14,22% Space Free | Partition Type: NTFS
Drive E: | 7,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: xxxx-PC | User Name: xxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\xxxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\xxxx\Desktop\Stuff\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE (Hauppauge Computer Works)
PRC - C:\PROGRA~2\WinTV\TVServer\CAPTUR~4.EXE (Hauppauge Computer Works)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Users\xxxx\Local Settings\Apps\F.lux\flux.exe ()
PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\MATLAB71\bin\win32\MATLAB.exe (The MathWorks Inc.)
PRC - C:\Program Files (x86)\MATLAB71\webserver\bin\win32\matlabserver.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\xxxx\Desktop\Stuff\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (ezSharedSvc) -- C:\Windows\SysNative\ezsvc7.dll File not found
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (HauppaugeTVServer) -- C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE (Hauppauge Computer Works)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (postgresql-8.4) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (SEIKO EPSON CORPORATION)
SRV - (matlabserver) -- C:\Program Files (x86)\MATLAB71\webserver\bin\win32\matlabserver.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (yyca) -- C:\Windows\SysNative\drivers\txgtym.sys File not found
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1000000.07D\SRTSPX64.SYS File not found
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1000000.07D\SRTSP64.SYS File not found
DRV:64bit: - (sboliv) -- C:\Windows\SysNative\drivers\giecpry.sys File not found
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (ildid) -- C:\Windows\SysNative\drivers\icbpzwk.sys File not found
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (hcw95rc) -- C:\Windows\SysNative\DRIVERS\hcw95rc.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hcw95bda) -- C:\Windows\SysNative\Drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (fwlanusbn) -- C:\Windows\SysNative\DRIVERS\fwlanusbn.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\DRIVERS\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\SysNative\DRIVERS\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\DRIVERS\lv302a64.sys (Logitech Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation                                            )
DRV:64bit: - (Point64) -- C:\Windows\SysNative\DRIVERS\point64k.sys (Microsoft Corporation)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (LUMDriver) -- C:\Windows\SysNative\drivers\LUMDriver.sys (IBM)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (PCDSRVC{F36B3A4C-F95654BD-06000000}_0) -- c:\Programme\PC-Doctor for Windows\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=93&bd=Presario&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=93&bd=Presario&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=93&bd=Presario&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=93&bd=Presario&pf=cndt
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=93&bd=Presario&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.http: "70.129.197.8"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.09 19:26:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.11 00:05:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.10 22:36:34 | 000,000,000 | ---D | M]
 
[2009.09.15 15:39:15 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\mozilla\Extensions
[2012.02.07 12:11:15 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\jcwd05qk.default\extensions
[2010.07.16 13:28:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\jcwd05qk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.03.11 00:05:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.16 00:59:27 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.02.16 15:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.16 11:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.16 11:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2010.11.22 18:26:12 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Epson Stylus SX235(Netzwerk)] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_IATIHLE.EXE File not found
O4 - HKCU..\Run: [F.lux] C:\Users\xxxx\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\xxxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: asc.at ([*.uibk] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: uibk.ac.at ([]https in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\xxxx\Pictures\neuron2.jpg
O24 - Desktop BackupWallPaper: C:\Users\xxxx\Pictures\neuron2.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2ad1080e-61e2-11e0-9dcb-0026180e470c}\Shell - "" = AutoRun
O33 - MountPoints2\{2ad1080e-61e2-11e0-9dcb-0026180e470c}\Shell\AutoRun\command - "" = F:\pushinst.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoStart IR.lnk - C:\PROGRA~2\WinTV\Ir.exe - (Hauppauge Computer Works)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\PROGRA~2\MICROS~2\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinTV Recording Status..lnk - C:\PROGRA~2\WinTV\WinTV7\WINTVT~2.EXE - (Hauppauge Computer Works, Inc.)
MsConfig:64bit - StartUpFolder: C:^Users^xxxx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk - C:\Programme\Logitech\Logitech WebCam Software\eReg.exe - (Leader Technologies/Logitech)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeUpdater6 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe File not found
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: EPSON SX235 Series - hkey= - key= - C:\Windows\SysNative\spool\DRIVERS\x64\3\E_IATIHLE.EXE (SEIKO EPSON CORPORATION)
MsConfig:64bit - StartUpReg: HP Health Check Scheduler - hkey= - key= - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe File not found
MsConfig:64bit - StartUpReg: hpsysdrv - hkey= - key= - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: IntelliPoint - hkey= - key= - C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Logitech Vid - hkey= - key= - C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
MsConfig:64bit - StartUpReg: LogitechCommunicationsManager - hkey= - key= - C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe File not found
MsConfig:64bit - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
MsConfig:64bit - StartUpReg: PDFPrint - hkey= - key= - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
MsConfig:64bit - StartUpReg: UpdateLBPShortCut - hkey= - key= - c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: UpdateP2GoShortCut - hkey= - key= - c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: UpdatePDIRShortCut - hkey= - key= - c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: UpdatePSTShortCut - hkey= - key= - c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: ztyvl - hkey= - key= - C:\Users\xxxx\AppData\Roaming\ipxhnf.DLL File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.06 13:24:05 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\SunODFPluginforMicrosoftOffice
[2012.03.06 12:06:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.02.29 13:25:30 | 000,000,000 | ---D | C] -- C:\Users\xxxx\Desktop\Biomaterialien1u2
[2012.02.25 22:04:33 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\DDMSettings
[2012.02.24 22:46:39 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{E5C58327-B678-4237-A36E-CDA95BBD2AAD}
[2012.02.24 22:46:18 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{01F1531F-8BD5-4C5F-99E8-352FC65C9022}
[2012.02.24 00:58:40 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{1873DDFF-5E3B-4E06-8035-B7572D40E73C}
[2012.02.24 00:58:17 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{8AC52835-714B-4AF7-B558-A2331FC67A6B}
[2012.02.21 01:19:18 | 000,000,000 | ---D | C] -- C:\Users\xxxx\Desktop\Bewerbung
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.12 13:02:24 | 000,193,233 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.03.12 13:02:24 | 000,193,233 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.03.12 12:56:26 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.12 12:56:26 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.12 12:56:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.11 13:32:47 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{38C904F9-80A2-4759-8182-D7F9BB04BFF2}.job
[2012.03.08 21:17:50 | 000,000,865 | ---- | M] () -- C:\Users\xxxx\.recently-used.xbel
[2012.03.07 11:15:05 | 004,347,392 | ---- | M] () -- C:\Users\xxxx\Desktop\Praktikumsbericht 2012.doc
[2012.03.06 15:03:54 | 000,171,008 | ---- | M] () -- C:\Users\xxxx\Desktop\337697-vonderHeyde-komare-wise-11-12.doc
[2012.03.02 19:16:38 | 000,000,285 | ---- | M] () -- C:\Windows\matlab.ini
[2012.03.01 15:45:07 | 000,002,415 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.02.25 13:37:29 | 000,000,965 | ---- | M] () -- C:\Users\xxxx\Desktop\Dropbox.lnk
[2012.02.25 13:37:29 | 000,000,945 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.02.24 16:18:13 | 001,560,144 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.24 16:18:13 | 000,671,424 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.24 16:18:13 | 000,632,154 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.24 16:18:13 | 000,144,592 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.24 16:18:13 | 000,118,780 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.16 12:32:40 | 000,333,376 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.02.15 23:29:48 | 000,132,320 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.08 21:17:50 | 000,000,865 | ---- | C] () -- C:\Users\xxxx\.recently-used.xbel
[2012.03.07 10:39:51 | 004,347,392 | ---- | C] () -- C:\Users\xxxx\Desktop\Praktikumsbericht 2012.doc
[2012.03.06 13:50:28 | 000,171,008 | ---- | C] () -- C:\Users\xxxx\Desktop\337697-vonderHeyde-komare-wise-11-12.doc
[2012.03.06 13:17:21 | 000,388,600 | ---- | C] () -- C:\Users\xxxx\AppData\Local\dd_vcredistMSI6B2D.txt
[2012.03.06 13:17:21 | 000,013,402 | ---- | C] () -- C:\Users\xxxx\AppData\Local\dd_vcredistUI6B2D.txt
[2012.02.09 22:34:31 | 000,336,848 | ---- | C] () -- C:\Users\xxxx\AppData\Local\dd_HelpSetup_MSI2628.txt
[2012.02.09 22:34:05 | 001,641,302 | ---- | C] () -- C:\Users\xxxx\AppData\Local\dd_SharedManagementObjects_MSI25D3.txt
[2012.02.09 22:33:43 | 000,513,576 | ---- | C] () -- C:\Users\xxxx\AppData\Local\dd_SQLSysClrTypes_msi258B.txt
[2012.02.09 22:30:17 | 016,675,080 | ---- | C] () -- C:\Users\xxxx\AppData\Local\dd_VSMsiLog22E7.txt
[2012.02.09 22:29:59 | 001,540,604 | ---- | C] () -- C:\Users\xxxx\AppData\Local\dd_netfx_dtp22B0.txt
[2012.02.09 22:29:43 | 000,334,982 | ---- | C] () -- C:\Users\xxxx\AppData\Local\dd_vc_runtime_x86_msi227B.txt
[2012.02.09 22:29:33 | 000,336,716 | ---- | C] () -- C:\Users\xxxx\AppData\Local\dd_dw20shared_x86_msi225B.txt
[2012.02.09 22:28:45 | 000,076,448 | ---- | C] () -- C:\Users\xxxx\AppData\Local\dd_depcheck_VS_Isolated Shell_100.txt
[2012.02.09 22:28:27 | 000,052,600 | ---- | C] () -- C:\Users\xxxx\AppData\Local\uxeventlog.txt
[2012.02.09 22:28:27 | 000,000,002 | ---- | C] () -- C:\Users\xxxx\AppData\Local\dd_error_vs_isoshell_100.txt
[2012.02.09 22:28:26 | 000,248,914 | ---- | C] () -- C:\Users\xxxx\AppData\Local\dd_install_vs_isoshell_100.txt
[2012.02.09 22:02:06 | 001,538,470 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.10 22:57:15 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011.07.17 16:28:25 | 000,000,680 | ---- | C] () -- C:\Users\xxxx\AppData\Local\d3d9caps.dat
[2011.07.17 14:17:41 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.06.06 18:59:50 | 000,000,285 | ---- | C] () -- C:\Windows\matlab.ini
[2011.04.08 14:54:08 | 000,034,706 | ---- | C] () -- C:\Windows\Irremote.ini
[2011.04.08 14:53:31 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.04.08 14:53:24 | 000,372,302 | ---- | C] () -- C:\Users\xxxx\AppData\Local\dd_vcredistMSI1267.txt
[2011.04.08 14:53:24 | 000,013,382 | ---- | C] () -- C:\Users\xxxx\AppData\Local\dd_vcredistUI1267.txt
[2011.04.08 14:52:34 | 000,008,128 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2010.12.09 13:03:09 | 000,357,006 | ---- | C] () -- C:\Users\xxxx\AppData\Local\dd_vcredistMSI1E06.txt
[2010.12.09 13:03:06 | 000,013,526 | ---- | C] () -- C:\Users\xxxx\AppData\Local\dd_vcredistUI1E06.txt
[2010.06.04 01:56:52 | 000,441,242 | ---- | C] () -- C:\Users\xxxx\AppData\Local\dd_vcredistMSI3F1C.txt
[2010.06.04 01:56:52 | 000,013,822 | ---- | C] () -- C:\Users\xxxx\AppData\Local\dd_vcredistUI3F1C.txt
[2010.04.11 13:23:04 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini
[2010.04.11 13:21:39 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2010.04.11 13:21:39 | 000,000,059 | ---- | C] () -- C:\Windows\wpd99.drv
[2010.04.09 22:28:39 | 000,367,444 | ---- | C] () -- C:\Users\xxxx\AppData\Local\dd_vcredistMSI566E.txt
[2010.04.09 22:28:39 | 000,013,382 | ---- | C] () -- C:\Users\xxxx\AppData\Local\dd_vcredistUI566E.txt
[2010.04.09 21:53:56 | 000,367,722 | ---- | C] () -- C:\Users\xxxx\AppData\Local\dd_vcredistMSI3BDC.txt
[2010.04.09 21:53:56 | 000,014,934 | ---- | C] () -- C:\Users\xxxx\AppData\Local\dd_vcredistUI3BDC.txt
[2010.04.09 16:47:36 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2010.04.09 16:44:39 | 000,065,016 | ---- | C] () -- C:\Program Files (x86)\hminstalllog.txt
[2010.04.09 16:41:39 | 000,368,700 | ---- | C] () -- C:\Users\xxxx\AppData\Local\dd_vcredistMSI4CD6.txt
[2010.04.09 16:41:38 | 000,019,486 | ---- | C] () -- C:\Users\xxxx\AppData\Local\dd_vcredistUI4CD6.txt
[2010.04.09 16:19:34 | 000,436,708 | ---- | C] () -- C:\Users\xxxx\AppData\Local\dd_vcredistMSI3BF2.txt
[2010.04.09 16:19:34 | 000,013,558 | ---- | C] () -- C:\Users\xxxx\AppData\Local\dd_vcredistUI3BF2.txt
[2009.12.03 17:39:40 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.12.03 17:38:54 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.10.15 10:44:33 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.09.21 19:09:46 | 000,000,507 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.09.17 15:37:48 | 000,000,371 | ---- | C] () -- C:\Users\xxxx\AppData\Local\postgresinstall.bat
[2009.09.14 13:39:48 | 000,136,192 | ---- | C] () -- C:\Users\xxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.19 05:30:30 | 000,193,233 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.05.19 05:30:19 | 000,193,233 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.05.19 05:10:11 | 000,354,816 | ---- | C] () -- C:\Windows\SysWow64\pythoncom26.dll
[2009.05.19 05:10:11 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\pywintypes26.dll
[2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
 
========== LOP Check ==========
 
[2010.06.22 14:31:34 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\AnvSoft
[2012.02.09 22:37:34 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Atmel
[2009.09.15 00:45:39 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Blitware
[2011.06.06 18:43:57 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\DassaultSystemes
[2010.06.14 20:21:19 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Design Science
[2012.03.12 13:03:14 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Dropbox
[2012.01.25 12:36:04 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Epson
[2010.10.13 16:33:28 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\gtk-2.0
[2011.06.30 17:37:07 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\HEM Data
[2012.01.09 12:59:35 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Hoegeg
[2009.09.15 00:58:42 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Leadertech
[2009.12.29 00:54:24 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\PacificPoker
[2010.04.11 13:23:04 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\pdf995
[2010.07.31 22:47:58 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Picturenaut
[2010.11.24 18:30:59 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\postgresql
[2011.05.08 19:51:14 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Roaming
[2009.09.14 14:15:46 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Template
[2012.02.09 22:44:06 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\VisualAssist
[2009.09.14 13:10:59 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\WildTangent
[2012.01.08 23:21:15 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Yzoz
[2012.01.15 04:54:59 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
[2011.08.31 09:33:42 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012.03.12 02:44:48 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.03.11 13:32:47 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{38C904F9-80A2-4759-8182-D7F9BB04BFF2}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.09.14 13:06:29 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.10.28 02:01:18 | 000,000,000 | ---D | M] -- C:\36b35decb08097573c562f9d86d64c
[2012.02.02 20:50:12 | 000,000,000 | ---D | M] -- C:\ado
[2010.02.20 10:18:36 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.04.08 16:56:58 | 000,000,000 | -H-D | M] -- C:\CanoScan
[2009.09.16 12:29:41 | 000,000,000 | ---D | M] -- C:\Digifotos
[2006.11.02 16:42:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.09.14 12:56:35 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.09.08 23:00:33 | 000,000,000 | ---D | M] -- C:\Hauppauge
[2012.01.15 22:01:45 | 000,000,000 | ---D | M] -- C:\HMArchive
[2011.08.31 09:31:15 | 000,000,000 | -H-D | M] -- C:\hp
[2008.01.21 04:04:13 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2010.04.04 18:49:54 | 000,000,000 | ---D | M] -- C:\Poker
[2012.02.09 22:34:32 | 000,000,000 | R--D | M] -- C:\Programme
[2012.03.06 13:50:55 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.01.10 22:56:51 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.09.14 12:56:38 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.08.25 20:26:02 | 000,000,000 | ---D | M] -- C:\Programs
[2012.03.12 13:15:20 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.02.07 12:04:49 | 000,000,000 | R--D | M] -- C:\Users
[2012.02.22 18:11:20 | 000,000,000 | ---D | M] -- C:\Windows
[2010.11.22 18:26:12 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.21 03:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[1999.10.02 11:24:46 | 000,017,408 | ---- | M] () MD5=1363337A5301619F00F8033835EF30E9 -- C:\Program Files (x86)\MATLAB71\sys\perl\win32\site\lib\auto\Win32\EventLog\EventLog.dll
[2007.05.17 20:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\Cyberlink\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.05.19 14:23:47 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2009.05.19 14:23:47 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2009.05.19 14:23:47 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2009.05.19 14:23:47 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009.04.11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009.04.11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2009.05.19 14:23:47 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2009.05.19 14:23:47 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2009.05.19 14:23:47 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2009.05.19 14:23:47 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008.01.21 03:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008.01.21 03:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.21 03:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.21 03:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008.01.21 03:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008.01.21 03:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 03:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.21 03:50:16 | 000,403,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\FirewallAPI.dll
 
< %USERPROFILE%\*.* >
[2012.03.08 21:17:50 | 000,000,865 | ---- | M] () -- C:\Users\xxxx\.recently-used.xbel
[2010.06.09 17:04:20 | 005,976,576 | ---- | M] () -- C:\Users\xxxx\Kopie von wm2010xxl_v1-32.xls
[2012.03.12 13:21:53 | 005,505,024 | -HS- | M] () -- C:\Users\xxxx\ntuser.dat
[2012.03.12 13:21:52 | 000,262,144 | -H-- | M] () -- C:\Users\xxxx\ntuser.dat.LOG1
[2009.09.14 12:56:57 | 000,000,000 | -H-- | M] () -- C:\Users\xxxx\ntuser.dat.LOG2
[2010.02.06 11:34:29 | 000,065,536 | -HS- | M] () -- C:\Users\xxxx\NTUSER.DAT{3fec91b7-a1f1-11de-8e10-0026180e470c}.TM.blf
[2010.02.06 11:34:29 | 000,524,288 | -HS- | M] () -- C:\Users\xxxx\NTUSER.DAT{3fec91b7-a1f1-11de-8e10-0026180e470c}.TMContainer00000000000000000001.regtrans-ms
[2009.09.16 00:32:38 | 000,524,288 | -HS- | M] () -- C:\Users\xxxx\NTUSER.DAT{3fec91b7-a1f1-11de-8e10-0026180e470c}.TMContainer00000000000000000002.regtrans-ms
[2010.10.27 00:55:39 | 000,065,536 | -HS- | M] () -- C:\Users\xxxx\ntuser.dat{7bf33370-130b-11df-b92e-0026180e470c}.TM.blf
[2010.10.27 00:55:39 | 000,524,288 | -HS- | M] () -- C:\Users\xxxx\ntuser.dat{7bf33370-130b-11df-b92e-0026180e470c}.TMContainer00000000000000000001.regtrans-ms
[2010.02.06 14:35:23 | 000,524,288 | -HS- | M] () -- C:\Users\xxxx\ntuser.dat{7bf33370-130b-11df-b92e-0026180e470c}.TMContainer00000000000000000002.regtrans-ms
[2009.09.14 15:18:13 | 000,065,536 | -HS- | M] () -- C:\Users\xxxx\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2009.09.14 15:18:13 | 000,524,288 | -HS- | M] () -- C:\Users\xxxx\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2009.09.14 14:28:31 | 000,524,288 | -HS- | M] () -- C:\Users\xxxx\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms
[2012.03.12 02:45:04 | 000,065,536 | -HS- | M] () -- C:\Users\xxxx\ntuser.dat{dbb7d6d7-e277-11df-b315-0026180e470c}.TM.blf
[2012.03.12 02:45:04 | 000,524,288 | -HS- | M] () -- C:\Users\xxxx\ntuser.dat{dbb7d6d7-e277-11df-b315-0026180e470c}.TMContainer00000000000000000001.regtrans-ms
[2010.10.29 01:50:48 | 000,524,288 | -HS- | M] () -- C:\Users\xxxx\ntuser.dat{dbb7d6d7-e277-11df-b315-0026180e470c}.TMContainer00000000000000000002.regtrans-ms
[2010.02.06 11:43:21 | 000,065,536 | -HS- | M] () -- C:\Users\xxxx\ntuser.dat{ed795243-1304-11df-97c0-0026180e470c}.TM.blf
[2010.02.06 11:43:21 | 000,524,288 | -HS- | M] () -- C:\Users\xxxx\ntuser.dat{ed795243-1304-11df-97c0-0026180e470c}.TMContainer00000000000000000001.regtrans-ms
[2010.02.06 11:43:21 | 000,524,288 | -HS- | M] () -- C:\Users\xxxx\ntuser.dat{ed795243-1304-11df-97c0-0026180e470c}.TMContainer00000000000000000002.regtrans-ms
[2009.09.14 12:56:58 | 000,000,020 | -HS- | M] () -- C:\Users\xxxx\ntuser.ini
[2012.01.10 22:33:04 | 000,000,000 | ---- | M] () -- C:\Users\xxxx\Sti_Trace.log
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Posix: %SystemRoot%\system32\psxss.exe File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:A4227A8EF796BADF

< End of report >

--- --- ---

markusg · 12.03.2012, 16:25

wie ist der name und die internet adresse von dem adon das du instaliert hattest

Nil11 · 12.03.2012, 17:12

adblock plus 2.0.3

proxtube - unblock youtube 1.3.4

der hier hatte scheinbar das gleiche problem:
"Lexmark" sperrt Zugriff auf Webseiten über Firefox Kyranth

markusg · 12.03.2012, 18:44

malwarebytes:
Downloade Dir bitte Malwarebytes

Installiere
das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche
nach Aktualisierung
Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet
ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste
das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Nil11 · 12.03.2012, 20:10

hab ich gestern schon durchlaufen lassen. es wurde nichts gefunden

Nil11 · 12.03.2012, 23:15

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5137

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

17.11.2010 17:09:08
mbam-log-2010-11-17 (17-09-08).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 155376
Laufzeit: 3 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

markusg · 13.03.2012, 11:10

danke für das log.
jetzt updaten, vollständiger scan.

Nil11 · 13.03.2012, 17:05

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.13.02

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19190
xxxx:: xxxx-PC [Administrator]

13.03.2012 13:19:29
mbam-log-2012-03-13 (13-19-29).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 575978
Laufzeit: 2 Stunde(n), 39 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

markusg · 13.03.2012, 17:35

noch probleme aufgetreten?
lade den CCleaner standard:
CCleaner Download - CCleaner 3.16.1666
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

12.03.2012, 16:25	#6
markusg /// Malware-holic	Websites teilweise gesperrt. Warum? Virus inside? wie ist der name und die internet adresse von dem adon das du instaliert hattest __________________ --> Websites teilweise gesperrt. Warum? Virus inside?

13.03.2012, 11:10	#11
markusg /// Malware-holic	Websites teilweise gesperrt. Warum? Virus inside? danke für das log. jetzt updaten, vollständiger scan. __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

Websites teilweise gesperrt. Warum? Virus inside?

Plagegeister aller Art und deren Bekämpfung: Websites teilweise gesperrt. Warum? Virus inside?